Discover Unused Mailboxes

Novell Cool Solutions: Feature

Editor's Note: This process has gotten easier. Check out this article to see how you do it in GroupWise 6.5 and GroupWise 7.

Would you like to generate a list of all mailboxes that haven't been logged into in the past 60 days? This could help you if you need to do an audit of active accounts for licensing purposes. This could also help you prevent a huge security problem, because with WebAccess, ex-employees who still have an active e-mail account with your company can easily log in and forward confidential information to competitors. (We have actually heard of this happening before...) In fact, you should explain to your Human Resources Department that they need to notify you immediately when an employee is terminated so you can close their account. It's kind of silly to take away someone's keys and ID badge, but still allow them full access to the company's information.

Here are a few clever ways of checking for inactive e-mail accounts in GroupWise 5.5. If you have other ideas, experiences, or horror stories, please let us know.

Ideas

If you are enforcing a cleanup policy, then
you could use GWCheck to do a mailbox stats report on the post office, and you could use it to list the number of messages in the user's outbox. An empty Outbox indicates a lack of activity. (Inbox items would continue to accumulate regardless of whether the user is using their mailbox.)

(Note: Another trick would be to check people with items in their Inbox, but nothing in their Trash. This might indicate they've gotten a lot of company spam, but haven't thrown any of it away. Very unnatural. They're probably dead.)

If you are not enforcing a cleanup policy, then you could still use GWCheck mailbox stats reports, but you'd need to do two and compare them. Do one
for outbox items over 30 days old and one for those over 1 day old. For each user, subtract the
number of Outbox items in the 30 day+ report from the corresponding number in the 1 day+ report, and you have the recent Outbox activity.

Another solution is to send a message to all users, subject "Read this if you want to keep mail." Then periodically check your Sent items to see who hasn't read it. After several weeks it will probably be safe to delete the users who didn't read it. (Note: This may not work if your users aren't very compliant with requests from the IT department. We've heard horror stories from system admins who say their users won't even open mail from them, except by accident.)

Thoughts from the Trenches

Anthony Hilton

Horror Story

Our Internal Audit department recently got onto us about unused network accounts, so an administrator deleted any which hadn't been used for 90 days. Some fairly senior people never log in but their secretaries proxy their GroupWise accounts. Woops!

Over a few weeks a number of people who had been long-term-sick returned and couldn't login. Most were just happy to have a newly created account and not have any corporate junk mail in their mailboxes.

Tony Haines

I think I may have a far simpler wasy to find these. We currently use Client/Server access only but this should work the same for Direct access mode.

In a DOS windows navigate to the \Post office\OFUSER directory

Do a DIR /o:-d
From this list there will be a number of files with old access dates, USERxxx.DB (where xxx is the FID)

Back into NetWare Admin search the tree for a User,with the NGW: File ID property matching the FID.

Hey, presto, you now have the user name. A simple hack into the account should confirm usage.

Lenny Correa

Can we not have something like last login in NetWare to verify when a gw
user last used their account?

Suggestion:

Since most organizations require GroupWise passwords for their users, why not attach a counter with the GW password field that logs the time and date when a user logged into their GW account.. Once this info is captured, then it is a simple matter of creating a utility to extract the info to a report of sorts. How cool would that be?

Hey, here is another idea. The POA already records each time a user logs into the post office/their GW account, right? Maybe there is a way to capture this info from the POA log and filter it to get what is needed to figure out when someone last logged in. Either way, a tool that gives us the ability to cleanup unused GW accounts is a huge plus for GW admins in mid to large GroupWise sites. I am sure mgt./security would be delighted as well.

Ann White

This is the way I check for accounts that are supposedly inactive:

I created a mailbox for GroupWise Mail/Internet Admin.

From this mailbox I send a message to all users in the GroupWise system. The message usually reads "Testing for delivery on all post offices. Please delete".

After a certain amount of time (30 to 45 days) I go to the Sent Items folder and check the Properties of the message.

I then copy and paste the properties text into an Excel spreadsheet and sort the information on the Action column.

I then look for user IDs that have no action (Opened, Deleted, Replied, etc.) against their account.

I can then contact the managers of the "no action" users to find out if they want the mailbox retained or deleted.

It sounds cumbersome as you have to tweak the Excel spreadsheet, but I find it does work. I have been checking for inactive accounts this way for the last couple of years.

Jennifer Flynn

We also have encountered the horror story Anthony Hilton describes. We modified our procedure a bit to prevent this situation form occurring.

Instead of deleting the account, we simply rename it to DEL_MMDDYY_USERID. That way the account is effectively "disabled". Unless the user is clairvoyant and can figure out what their new ID is, they can't access it. It is easy to go back later and list them all together in order of "deletion" date. After 3 months, if no one has called, we are pretty safe in assuming that they are not a real user. (You should change the visibility to NONE at the same time to prevent people from sending to the renamed account.)

I also liked Tony Haines solution on using access date to sort for inactive user ids and then search for the fid. However, there is an easier way than searching the tree. GW View will actually allow you to sort by FID if you highlight the post office.

Michelle Gagnier

We run into this problem quite frequently and as Anthony Hilton described, there are many users who never login to their accounts but have their secretary's proxy in. Or they don't access their GroupWise through a Novell Account (ie: external entity or web access).

The examples used as a way to find these inactive accounts is not always practical. It would pretty much take a full time employee to stay on top of running reports and comparing dates and that may not be overly accurate as several of our users don't have the need to send but only receive communications from higher up. And changing the user's password and logging in as them just opens up another can of worms.

Is there no way that Novell can write a monitoring tool to let us know when the last time the GroupWise account was active? To me this would be an invaluable tool.

Larry Mosley

Why doesn't GroupWise have a last login date like NDS accounts? This
would make discovering inactive accounts very easy.

Frank Sinak

I agree with Michelle Gagnier that these ideas are not practical for large GroupWise systems. What we must have is a utility to identify unused accounts or a field in NDS stating when the account was last used. PLEASE!

Sam Levine

Greg Arnette, our CTO, wrote up this short response about the
importance and procedure that we use in one of our tools for discovering
unused mailboxes. I hope it is a reasonable addition to your discussion.

To effectively identify dormant mailboxes, GroupWise administrators need to
know the last time a user accessed their mailbox. Unfortunately, GroupWise doesn't provide the "last login" date/time for users' mailboxes.

IntelliReach has found a way to fairly accurately determine an account's
status through the detailed analysis of the GWCheck logs. The daily or weekly GWCheck log file records information whenever a post office maintenance operation is completed. IntelliReach's Mailbox Reporter analyzes GWCheck logs and presents useful results about post office health
and usage.

Mailbox Reporter analyzes the inbox, outbox and deleted item counts over
time. Normal mailbox usage creates variances in the number of items in the outbox and deleted items folders. Inbox counts cannot be used because even a dormant account will still show an increasing number of new messages in the inbox.

To find accounts with a high likelihood of being dormant, the administrator
would run a report covering 30 or 60 days showing accounts with zero percent change for the outbox and deleted items counts.